CVE-2025-14893

The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...

CVE-2025-14893

The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...

CVE-2025-14893 IndieWeb <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter

The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...

CVE-2025-14893

CVE-2025-14893 : The IndieWeb WordPress plugin is vulnerable to a stored XSS via the Telephone parameter in all versions up to 4.0.5, with exploitation limited to authenticated attackers holding at least author-level access. The vulnerability allows injection of arbitrary scripts that run when us...

PT-2026-1757

Name of the Vulnerable Software and Affected Versions IndieWeb plugin for WordPress versions through 4.0.5 Description The IndieWeb plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping related to the Telephone...

WordPress IndieWeb plugin <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability discovered by Tharadol Suksamran in WordPress Plugin IndieWeb versions = 4.0.5...

CVE-2025-14710

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...

CVE-2025-14710

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...

CVE-2025-14710

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...

CVE-2025-14710 FantasticLBP Hotels Server OrderList.php sql injection

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...

EUVD-2025-203343

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...

CVE-2025-14710 FantasticLBP Hotels Server OrderList.php sql injection

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...

CVE-2025-14710

The connected Red Hat/CVE and NVD entries confirm CVE-2025-14710 affects FantasticLBP Hotels Server, specifically a SQL injection in /controller/api/OrderList.php via the telephone parameter. Exploitation is remote and publicly available, with the issue tied to a rolling-release deployment where ...

PT-2025-51209

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...

FantasticLBP Hotels Server SQL注入漏洞

FantasticLBP Hotels Server is a hotel reservation system backend management system by FantasticLBP individual developers. FantasticLBP Hotels Server suffers from a SQL injection vulnerability, which stems from the incorrect manipulation of the parameter telephone in the file...

EUVD-2019-17783

Malware in sbrugna...

CVE-2019-8393

HotelsServer through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled...

CVE-2019-8393

HotelsServer through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled...

SQL Injection Vulnerability in the mobile_check Method of ShopSn V2.0 Mall System

ShopsN Mall system is a product of Shanghai Yiso Network Technology Co., Ltd, an enterprise-class commercial standard full-featured allow free commercial use of the open source online store full network system. A SQL injection vulnerability exists in the tel parameter in the mobilecheck method of...

Fast Breakfast App Has Arbitrary User Payment Password Change Vulnerability

Fast Breakfast APP is a mobile service software. There is an arbitrary user payment password modification vulnerability in Fast Breakfast APP. Due to the use of loginStatus and userTel parameters to query the userID of any user, it is possible to modify the payment password of any user...